SecurityTracker.com
Category:   Application (Generic)  >   IBM Spectrum Protect (IBM Tivoli Storage Manager)
Vendors:   IBM
(IBM Issues Fix for IBM Tivoli Storage Manager for Virtual Environments) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
SecurityTracker Alert ID:  1036187
SecurityTracker URL:  http://securitytracker.com/id/1036187
CVE Reference:   CVE-2016-3426
Date:  Jun 28 2016
Impact:   Disclosure of system information, Disclosure of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): for Virtual Environments 7.1
Description:   Multiple vulnerabilities were reported in Oracle Java SE. A remote user can access data on the target system. A remote user can gain elevated privileges. IBM Tivoli Storage Manager for Virtual Environments is affected.

A remote user can exploit a flaw in the 2D component to gain elevated privileges [CVE-2016-3443].

A remote user can exploit a flaw in the Hotspot component to gain elevated privileges [CVE-2016-0687].

A remote user can exploit a flaw in the Serialization component to gain elevated privileges [CVE-2016-0686].

A remote user can exploit a flaw in the JMX component to gain elevated privileges [CVE-2016-3427].

A remote user can exploit a flaw in the Deployment component to gain elevated privileges [CVE-2016-3449].

A remote user can exploit a flaw in the Security component to access data [CVE-2016-0695].

A remote user can exploit a flaw in the JAXP component to cause partial denial of service conditions [CVE-2016-3425].

A remote user can exploit a flaw in the 2D component to cause partial denial of service conditions [CVE-2016-3422].

A remote user can exploit a flaw in the JCE component to partially access data [CVE-2016-3426].

Alex Gaynor; Alexander Innes of Necurity; Bees Bobo of CloverSec Labs; bo13oy of Trend Micro's Zero Day Initiative; Daniel Bleichenbacher of Google; David Cash of NCC Group; David Litchfield of Google; Dennis Tighe of Amazon Web Services IT Security;
Aleksandar Nikolic of Cisco Talos; Jacob Baines of Tenable Network Security; Jakub Palaczynski from ING Services Polska; Joshua Maddux; Marcin Woloszyn of ING Services Polska; Mark E D Thomas; Martin Petran of Accenture; Matias Mevied of Onapsis;
Paul Kehrer; Pierre Ernst of Salesforce.com; Quan Nguyen of Google; six and m4xk from Docler Holding IT Security Team; Steffen Gurtler of Bosch Software Innovations GmbH; Sule Bekin of Turk Telekom; and Thomas Van Tongerloo of Hewlett Packard Enterprise.

Impact:   A remote user can obtain data on the target system.

A remote user can gain elevated privileges on the target system.

Solution:   IBM has issued a fix for CVE-2016-3426 for IBM Tivoli Storage Manager for Virtual Environments.

The IBM advisory is available at:

http://www-01.ibm.com/support/docview.wss?uid=swg21985466

Vendor URL:  www-01.ibm.com/support/docview.wss?uid=swg21985466
Cause:   Not specified
Underlying OS:  Linux (Any), Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Apr 19 2016 Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System




Copyright 2019, SecurityGlobal.net LLC